Personalisation of security modules

ABSTRACT

A security module, a personalization unit and a method for use thereof, where the security module contains a secret key from a key pair for asymmetrical encryption, and the personalization unit produces a certificate about the public key from the key pair and sends it to the security module together with the public key from a central system. The security module uses this certificate and the public key to protect the communication with a central system, particularly in the field of banking.

FIELD OF THE INVENTION

The invention relates to the personalization of cryptographical security modules.

BACKGROUND OF THE INVENTION

For operating automated teller machines, in particular, security modules are used which comprise a cryptographical processor and a key memory. During operation of the automated teller machine, the security module cryptographically protects all messages from or to a central system. The key memory cannot be read from the outside, but rather may be used only for cryptographical operations, which means that once a key has been transmitted to the security module it can no longer be compromised.

This operation, called personalization, is critical from the point of view of security engineering. This applies particularly to the symmetrical encryption used to date, e.g. the DES method, in which one and the same key is used for encryption and decryption. The manufacturer of the security module therefore needs a high level of complexity in order to protect the keys used from being discovered. In particular, personalization needs to be performed on secure-access premises by special personnel. When only a few master keys are used, a particularly high level of security complexity is needed. Customer-specific programming requires a high level of logistical and storage involvement, including the guarding of the store and transport.

It is an object of the invention to provide a method which allows the personalization to be performed immediately during startup by the customer himself at the place of use or in another not especially secure environment.

Patent specification U.S. Pat. No. 6,442,690 B1 describes a personalization system for a cryptographical module. In this context, the cryptographical module is provided with a provisional key. For the purpose of personalization, a check is first carried out to determine whether this provisional key is available, and if appropriate it is exchanged for a new one. In this case, the new keys are provided by the personalization unit by virtue of key management. It also proposes the use of asymmetrical methods, which involve the use of a key pair comprising a public key and a secret key. The characteristics and advantages of asymmetrical methods over symmetrical methods are known from the relevant literature; knowledge of these is readily assumed below.

Patent specification U.S. Pat. No. 6,298,336 B1 describes a transportable activation appliance for chip cards with a payment function, the chip cards being unusable until they are activated for the envisaged applications in a cryptographically secure fashion.

Patent specification DE 199 19 909 C2 describes a method in which a message can be signed using symmetrical encryption and can be transmitted in plain text without the need for the station producing the signature to have the secret key.

SUMMARY OF THE INVENTION

The invention uses the insight that a transportable personalization appliance which is of similar design to a security module and, in particular, contains a protected key memory and a cryptographical processor operating therewith allows the method described by the invention to be handled particularly advantageously. The use of chip cards, in particular, is advantageous, since these together with mobile computers make a portable personalization appliance readily available. If a personalization appliance of this type is connected to the security module in situ, then this alone provides a high level of security for the correct security module actually being personalized. One particular advantage is that the security module is already at the final location, and hence no further transport is required which would need to be protected by guards. In the preferred embodiment, there is additionally provision for reciprocal authentication of the security module and the personalization unit, involving the security module being provisionally initialized, but not personalized, by the manufacturer. This initialization may be the same for all modules, possibly apart from consecutive serial numbers.

What is involved is a security module, a personalization unit and a method for use thereof, where the security module contains the secret key from a key pair for asymmetrical encryption, and the personalization unit produces a certificate about the public key from the key pair and sends it to the security module together with the public key from a central system. The security module uses this certificate and the public key to protect the communication with a central system, particularly in the field of banking.

BRIEF DESCRIPTION OF THE DRAWINGS

The sole FIGURE schematically shows the invention in context.

DETAILED DESCRIPTION OF THE PREFERRED EMBODIMENTS

An automated teller machine 10 contains a security module 12 and is connected in later use to a central system 22 via a network connection 24 in a network 20. In addition, a personalization unit 30 is shown which has a chip card 32 having a cryptographical processor and a secure key memory. The dashed line in FIG. 1 is intended to indicate that the personalization unit 30 is placed only temporarily into the physical proximity of the security module 10 and is connected via the data connection 34.

The term “central system” is used generically for remote communication stations connected to the security module in the operating state.

The personalization unit is preferably a mobile computer which is equipped with a chip card as a cryptographical unit. This chip card comprises a secure key memory and uses the keys stored therein to perform the necessary cryptographical methods using data which are transmitted via an interface on the chip card. The key memory is protected to the extent that the protocol on the interface is monitored fully by the processor on the chip card and is in a form such that the secret keys from the key memory are not transmitted via the interface; it is merely possible to apply them to data. Accordingly, the integrity of public keys is produced either through storage in the key memory or by storing cryptographical hash values in the key memory. Even though the known embodiment as a chip card is preferred according to ISO, a processor card in the PCMCIA format or an external module connected by USB or Firewire may also be used. All of the software and the key memory may readily also be contained in the mobile computer itself, even though this is not the preferred embodiment on account of the lower security in mobile computers which are available at present.

In addition to the opportunity for cryptographical processing and the secure key memory, the personalization unit has a communication interface which can be used for temporarily setting up a connection to the security module. In the simplest case, this is a serial connection based on V.24, where a cable with connectors is temporarily plugged in and the connection is controlled by a user in this manner. Other data connections such as I²C, USB, Firewire etc. are equally possible. Wireless connections via infrared or radio, such as IrDA or Bluetooth, may be used equally well; in this case, there is no physical setup of a connection. Bluetooth has the additional advantage that encryption of the communication is built in, even though the key management is left to the application.

Cable and infrared connections have the advantage that the operator is able to ensure that the intended appliance is personalized if the connection is routed directly to the security module which is to be personalized. For many uses, this authentication may be sufficient, which means that the preferred cryptographical authentication described below can be dispensed with.

Following delivery and prior to the start of personalization, the security module is in a personalization state which differs from the subsequent operating state.

The connection between the personalization unit and the security module is preferably a cryptographically secure connection based on known methods, such as are known as TLS in connection with HTTPS, for example. Once the connection has been set up and is available, these methods ensure that the subsequent communication can be neither monitored nor modified. This is normally done using a random key which is provided either on the basis of the Diffie-Hellman method without authentication or within the context of authentication, such as in line with the publication WO 91/14980, the contents of which are incorporated herein by reference. The security demands on the reciprocal authentication, which need to be ascertained for each instance of use, thus determine the demands on the authentication which is to be used. In this regard, said patent specification DE 199 19 909 C2, incorporated herein by reference, may also be of use, according to which the manufacturer can put a certificate into a security module without possessing the key for the verification. It is also possible for the manufacturer to equip every security module with a random key, which the accompanying documents contain or which is sent independently via secure channels. Reciprocal authentication then takes place using known challenge-response methods.

Once the secure connection has been set up between the security module and the personalization unit, the security module uses it to send the public key from a key pair whose private key is stored in its secure key memory. This key pair, subsequently also called module key, may be generated during actual manufacture, since the private key cannot leave the security module and therefore also cannot be compromised on the manufacturer's premises.

Preferably, the key pair is not produced until personalization, however, because then the influence of the manufacturer is less and hence its security proportions are less complex. In addition, a modifier (also referred to as ‘salt’ in the literature) prescribed by the personalization unit can be transmitted too and influences the key pair produced.

The security module now transmits the public key to the personalization unit. The latter uses the secret key (stored in it) from a further key pair, subsequently referred to as a signing key, and in so doing signs the public module key received from the security module. Such a signature for a public key, with or without this signed public key, is subsequently referred to as a certificate.

The personalization unit uses the existing secure connection to return the certificate to the security module, which stores the certificate permanently and such that it is protected against alteration for use in the operating state described below. In this case, as mentioned above, the integrity is protected by means of the secure key memory.

In one development of the invention, the personalization unit also returns, together with the certificate, a public key from a central system to which the security module needs to be connected in future in the operating state. Preferably, this public key is likewise provided with a certificate by the personalization unit, although the security module cannot check this certificate until the security module contains a secure public key from the personalization unit. The latter therefore thirdly sends its public key together with a further certificate. This certificate may be issued by the central system and can then be checked with the likewise transmitted public key from the central system. This circular certification should be regarded more as a plausibility check, because the personalization unit is readily able to produce an arbitrary key pair for the central system itself and can then provide the necessary certificate.

A better approach is the solution in which the public key from the personalization unit has been signed by a further key pair from the manufacturer, the manufacturer having entered his public key into the security module during manufacture. The corresponding certificate is transmitted to the security module by the personalization unit.

Hence, it is then no longer necessary to authenticate the personalization unit to the security module when the connection is set up, since the personalization includes a check on the certificates transmitted by the personalization unit. The fact that the public module key may then possibly be read without authorization is not critical according to the principle of asymmetrical encryption. The manufacturer merely needs to sign the customers' signing keys as required and to enter its own public key into the security module.

If signing the signing key from the personalization unit means that data interchange takes place between the manufacturer and the operator of the personalization unit anyway, then the public key from the manufacturer is also preferably interchanged too. The security module then produces a further key pair at the conclusion of the manufacturing process, said further key pair being permanently maintained and being used for securely identifying the security module. The associated public key is signed by the manufacturer, and the certificate is loaded into the security module. The security module is thus able to prove its identity, that is to say to authenticate itself, by signing its serial number and other data prescribed by the personalization unit, such as a time stamp and random numbers.
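The personalization exchange of the preceding paragraphs, modelled as an added example (this is not code from the patent): the module proves its identity with the manufacturer-certified identity key, forms the module key afresh, and accepts the unit's certificates only after checking the chain from the manufacturer's public checking key through the unit's public signing key to the module key and the central-system key. Ed25519 stands in for the unspecified asymmetric method, a "certificate" is the bare signature over a public key as the text defines it, and the encoding of the signed identity message, the type and function names are assumptions; the secured connection the messages travel over is not modelled.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"errors"
	"fmt"
	"time"
)

// A certificate is, as the text defines it, just a signature over a public key.
// Ed25519 stands in for the unspecified asymmetric method (assumption).
func certify(signer ed25519.PrivateKey, subject ed25519.PublicKey) []byte {
	return ed25519.Sign(signer, subject)
}

// SecurityModule models the protected key memory: private keys never leave it.
type SecurityModule struct {
	Serial       uint32
	Operating    bool
	mfrPub       ed25519.PublicKey  // manufacturer's public checking key, entered at manufacture
	identityPriv ed25519.PrivateKey // permanent identity key, formed once at manufacture
	identityCert []byte             // manufacturer's certificate over the identity key
	modulePriv   ed25519.PrivateKey // module key, created afresh at personalization
	moduleCert   []byte
	centralPub   ed25519.PublicKey
}

// NewSecurityModule is the manufacturing step: the manufacturer's checking key pair
// (mfrPub, mfrPriv) enters its public half and certifies the module's identity key.
func NewSecurityModule(mfrPub ed25519.PublicKey, mfrPriv ed25519.PrivateKey, serial uint32) *SecurityModule {
	idPub, idPriv, _ := ed25519.GenerateKey(rand.Reader)
	return &SecurityModule{Serial: serial, mfrPub: mfrPub, identityPriv: idPriv, identityCert: certify(mfrPriv, idPub)}
}

// identityMsg is what the module signs to prove who it is: serial number, time
// stamp and the unit's random number (the encoding is an assumption).
func identityMsg(serial uint32, ts int64, nonce []byte) []byte {
	return []byte(fmt.Sprintf("%d|%d|%x", serial, ts, nonce))
}

// ProveIdentity answers the unit's challenge with the identity key and its certificate.
func (s *SecurityModule) ProveIdentity(ts int64, nonce []byte) (ed25519.PublicKey, []byte, []byte) {
	pub := s.identityPriv.Public().(ed25519.PublicKey)
	return pub, s.identityCert, ed25519.Sign(s.identityPriv, identityMsg(s.Serial, ts, nonce))
}

// CreateModuleKey forms the module key afresh in the key memory; only the public half leaves.
func (s *SecurityModule) CreateModuleKey() ed25519.PublicKey {
	pub, priv, _ := ed25519.GenerateKey(rand.Reader)
	s.modulePriv = priv
	return pub
}

// Install checks the chain manufacturer -> unit signing key -> module key and
// central-system key; only a complete check moves the module to the operating state.
func (s *SecurityModule) Install(puPub ed25519.PublicKey, puCert, moduleCert []byte,
	centralPub ed25519.PublicKey, centralCert []byte) error {
	if !ed25519.Verify(s.mfrPub, puPub, puCert) {
		return errors.New("unit's signing key is not certified by the manufacturer")
	}
	modPub := s.modulePriv.Public().(ed25519.PublicKey)
	if !ed25519.Verify(puPub, modPub, moduleCert) || !ed25519.Verify(puPub, centralPub, centralCert) {
		return errors.New("certificate from the unit does not verify")
	}
	s.moduleCert, s.centralPub, s.Operating = moduleCert, centralPub, true
	return nil
}

// PersonalizationUnit holds the signing key (on the chip card in the text) and
// the manufacturer's certificate over its public half.
type PersonalizationUnit struct {
	signPriv   ed25519.PrivateKey
	signCert   []byte
	mfrPub     ed25519.PublicKey
	centralPub ed25519.PublicKey
}

func NewPersonalizationUnit(mfrPub ed25519.PublicKey, mfrPriv ed25519.PrivateKey, centralPub ed25519.PublicKey) *PersonalizationUnit {
	pub, priv, _ := ed25519.GenerateKey(rand.Reader)
	return &PersonalizationUnit{priv, certify(mfrPriv, pub), mfrPub, centralPub}
}

// Personalize runs the exchange; the secured connection it travels over is not modelled.
func (pu *PersonalizationUnit) Personalize(s *SecurityModule) error {
	nonce := make([]byte, 16)
	rand.Read(nonce)
	ts := time.Now().Unix()
	idPub, idCert, sig := s.ProveIdentity(ts, nonce)
	if !ed25519.Verify(pu.mfrPub, idPub, idCert) || !ed25519.Verify(idPub, identityMsg(s.Serial, ts, nonce), sig) {
		return errors.New("module failed the identity check")
	}
	modPub := s.CreateModuleKey()
	puPub := pu.signPriv.Public().(ed25519.PublicKey)
	return s.Install(puPub, pu.signCert, certify(pu.signPriv, modPub), pu.centralPub, certify(pu.signPriv, pu.centralPub))
}
```

A unit whose signing key was never certified by the module's manufacturer fails at the first check on either side, so `Operating` stays false and no module key is certified; the point the text makes about the public module key being readable without harm holds here as well, since nothing in the exchange is secret except the private halves, which never leave their key memories.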

The connection between the personalization unit and the security module is now cleared down, and hence the personalization unit is isolated from the security module. The security module thus changes to the normal operating state, in which further personalization is not possible. Fresh personalization can be enforced by means of direct intervention in the security module (or else by a command, for example from the central system, which has been protected against misuse in whatever manner). However, this resetting to the personalization state entails the security module erasing the key pair and enforcing generation of a new key pair as part of the subsequent personalization.

In the operating state which follows personalization, a connection is now set up between the security module and the central system, said connection likewise being protected through cryptographical means, particularly session keys. In this context, the security module sends the certificate issued by the personalization unit to the central system together with its public key. The central system has previously been sent the public key from the personalization unit using an integrity-controlled connection. (By way of example, the chip card is personalized by the central system.) The central system is thus able to check whether the security module is authorized for the subsequent transactions and, by way of example, is reliably able to convey the fact that an authentic bank card for a particular account number is available for paying a sum which has been sent at the same time. As a result of the security module having received from the personalization unit the public key from the central system, the security module again has the assurance that the messages received from the central system, e.g. the instruction to pay a sum of money, originate from an authorized central system.
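The operating-state check from the central system's side, as an added example rather than code from the patent: the central system, which holds the personalization unit's public signing key, verifies the module's certificate and then a challenge-response on the private module key, and the module in turn verifies the central system's instructions with the central-system key it received at personalization. The session-key protection of the connection is left out; the `Hello` message, the type names and the callback standing in for the module's end of the connection are assumptions; `Setup` constructs sample keys fresh on each run.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"errors"
	"fmt"
)

// CentralSystem holds its own key pair and the personalization unit's public
// signing key, received earlier over an integrity-controlled connection.
type CentralSystem struct {
	priv  ed25519.PrivateKey
	puPub ed25519.PublicKey
}

// Hello is what the module sends when the connection is set up: its public
// module key and the certificate the personalization unit issued over it.
type Hello struct {
	ModulePub ed25519.PublicKey
	Cert      []byte
}

// Admit checks the certificate against the unit's signing key and then runs a
// challenge-response with the private module key, so the module proves it holds
// the certified key rather than merely a copy of key and certificate.
// respond stands for the module's end of the connection.
func (c *CentralSystem) Admit(h Hello, respond func(challenge []byte) []byte) error {
	if !ed25519.Verify(c.puPub, h.ModulePub, h.Cert) {
		return errors.New("certificate was not issued by the known personalization unit")
	}
	challenge := make([]byte, 32)
	rand.Read(challenge)
	if !ed25519.Verify(h.ModulePub, challenge, respond(challenge)) {
		return errors.New("module does not hold the certified private key")
	}
	return nil
}

// Instruct signs a message to the module, e.g. the instruction to pay a sum.
func (c *CentralSystem) Instruct(msg []byte) []byte { return ed25519.Sign(c.priv, msg) }

// OperatingModule is the personalized module in the operating state.
type OperatingModule struct {
	priv       ed25519.PrivateKey // private module key, in the secure key memory
	cert       []byte             // certificate from the personalization unit
	centralPub ed25519.PublicKey  // received from the personalization unit
}

func (m *OperatingModule) Hello() Hello {
	return Hello{m.priv.Public().(ed25519.PublicKey), m.cert}
}

func (m *OperatingModule) Respond(challenge []byte) []byte { return ed25519.Sign(m.priv, challenge) }

// Accept tells whether an instruction really originates from the authorized central system.
func (m *OperatingModule) Accept(msg, sig []byte) bool { return ed25519.Verify(m.centralPub, msg, sig) }

// Setup builds the parties in the state personalization leaves them in. Keys are
// constructed fresh on each run; "foreign" was certified by some other unit.
func Setup() (central *CentralSystem, genuine, foreign *OperatingModule) {
	puPub, puPriv, _ := ed25519.GenerateKey(rand.Reader)
	cPub, cPriv, _ := ed25519.GenerateKey(rand.Reader)
	central = &CentralSystem{priv: cPriv, puPub: puPub}
	gPub, gPriv, _ := ed25519.GenerateKey(rand.Reader)
	genuine = &OperatingModule{gPriv, ed25519.Sign(puPriv, gPub), cPub}
	_, otherPriv, _ := ed25519.GenerateKey(rand.Reader)
	fPub, fPriv, _ := ed25519.GenerateKey(rand.Reader)
	foreign = &OperatingModule{fPriv, ed25519.Sign(otherPriv, fPub), cPub}
	return
}

func main() {
	central, genuine, foreign := Setup()
	fmt.Println("genuine module:", central.Admit(genuine.Hello(), genuine.Respond))
	fmt.Println("foreign certificate:", central.Admit(foreign.Hello(), foreign.Respond))
	// Copied public key and certificate without the private key: the certificate
	// check passes, the challenge does not.
	fmt.Println("copied hello:", central.Admit(genuine.Hello(), foreign.Respond))
	msg := []byte("pay 100")
	fmt.Println("instruction accepted:", genuine.Accept(msg, central.Instruct(msg)))
}
```

The third case in `main` is the one the text's remark about the public module key relies on: key and certificate are not secret, so admission must rest on a fresh challenge signed with the private module key, never on presenting the certificate alone.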

For reasons of compatibility or speed, it is also possible for a symmetrical key to be transmitted from the central system to the security module, said symmetrical key then being entered into the secure key memory and being used for a limited time for transactions using previous methods based on symmetrical cryptography.

In the preferred embodiment, any personalization on the chip card is shown in a log. This ensures that the certificate issued can be reconstructed at any time. If the chip card is compromised, disabling the associated public key in the central system quickly provides an effective countermeasure.

A security module which has not been personalized by the invention needs no particular guarding either during storage or during transport, since it cannot be used without personalization. This means that the value of the module is not significantly above the manufacturing value either and is also not customer-specific.

Since the personalization unit in the preferred embodiment can be used only with a chip card as cryptography unit, only the chip card needs to be protected against misuse if the software is in an appropriate form. For this purpose, banks, in particular, have effective administrative methods available using the four eyes principle.

One variant of the invention uses the existing data network, which is necessary anyway in the operating state, to connect the security module to the personalization unit. This allows the personalization unit to be operated securely and also to be integrated into the central system. In the latter case, the transmission of the public signing key from the signing system to the central system (which transmission needs to be protected against corruption) is simplified.

In this case, appropriate protocol elements are used to set up a cryptographically secure (particularly against corruption) connection. As part of the secure identification and authentication, it is also necessary to ensure that the “correct” security module is personalized.

The first solution involves an operator using a temporary direct data connection to enter a one-off transaction number which is sent to the personalization unit. This transaction number can be transported in security envelopes and may comprise 16 or more characters, for example. The connection to the security module also does not need to be secure, since the transaction number becomes worthless immediately after input. It thus suffices to have a simple key pad with a simple serial interface which is connected temporarily to the security module. If the security module has a key pad anyway, for example for diagnostic purposes, then this can be used for inputting the transaction number.

For very long transaction numbers, a mobile computer having one of the interfaces indicated above is used. Preferably, the transaction numbers are then stored on a chip card, even though (encrypted) storage is likewise possible in the mobile computer's file system.

Alternatively, a mobile computer is used which conveys the secure identification. The mobile computer uses two data interfaces, one for local connections and one for long-distance connections. For the local connections, the devices already mentioned above which are used for temporarily connecting the personalization unit in the other variants are suitable. For the long-distance connections, either mobile radio connections or other network connections are suitable. It is likewise possible to route these connections via the local connection. The mobile computer may therefore also be a mobile telephone.

One variant of this conveyed identification produces a random number in the mobile computer and, on the one hand, sends it to the security module via the local connection, with the security module immediately forwarding it to the personalization unit. In parallel therewith, the random number is sent directly to the personalization unit via the long-distance connection. In the case of a mobile telephone, the caller number communicated by the network operator will suffice in order to provide adequate assurance of the identity of the mobile telephone. In the case of a general mobile computer, a secure HTTP connection using the TLS protocol is preferably used, in which case a chip card may also be used to protect the certificates used.

In this context, the identifying random number can be produced by any of the three appliances. Preferably, the random number is produced in the personalization unit, which sends it to the security module, which sends it to the mobile computer, which returns it to the personalization unit. Only then is personalization continued. In this case, the random number has the same function as the transaction number previously; it is not formed until required. Forming it in the personalization unit assures the quality. Accordingly, the random number may also be formed in the security module.

In this case too, a mobile appliance is temporarily connected to the security module and assures the personalization unit of the identity of the security module which is to be personalized.
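The two ways of identifying the module in the networked variant above (a one-off transaction number typed in by the operator, and a random number formed by the personalization unit that travels to the module, on to the mobile appliance, and back over the long-distance connection), as an added example and not the patent's code. The server type, keying the expected values by module serial number, the hexadecimal transaction-number encoding and consuming a number on its first use are assumptions; the identity of the mobile appliance on the long-distance connection (caller number or TLS client certificate in the text) is taken as already established, so the appliance simply reports which module it is plugged into.

```go
package main

import (
	"crypto/rand"
	"crypto/subtle"
	"encoding/hex"
	"errors"
	"fmt"
)

// PersonalizationServer is the personalization unit of the networked variant.
// It must be sure which module it is personalizing, so it holds, per module
// serial number (keying by serial is an assumption), the one-off values it
// expects to see come back.
type PersonalizationServer struct {
	tans    map[uint32][]byte // transaction numbers sent out in security envelopes
	pending map[uint32][]byte // random numbers awaiting return via the mobile appliance
}

func NewPersonalizationServer() *PersonalizationServer {
	return &PersonalizationServer{tans: map[uint32][]byte{}, pending: map[uint32][]byte{}}
}

// IssueTAN forms a 16-character one-off transaction number for a module.
func (p *PersonalizationServer) IssueTAN(serial uint32) string {
	b := make([]byte, 8)
	rand.Read(b)
	p.tans[serial] = b
	return hex.EncodeToString(b)
}

// RedeemTAN is the check on the number the operator typed into the module. The
// number is removed on the first attempt whether or not it matches, so it is
// worthless after input and cannot be guessed at repeatedly (design choice).
func (p *PersonalizationServer) RedeemTAN(serial uint32, typed string) error {
	want, ok := p.tans[serial]
	delete(p.tans, serial)
	got, err := hex.DecodeString(typed)
	if !ok || err != nil || subtle.ConstantTimeCompare(got, want) != 1 {
		return errors.New("transaction number rejected")
	}
	return nil
}

// Challenge starts the conveyed identification: the random number formed here
// goes to the module over the network, from the module to the mobile appliance
// over the local connection, and back here over the long-distance connection.
func (p *PersonalizationServer) Challenge(serial uint32) []byte {
	n := make([]byte, 16)
	rand.Read(n)
	p.pending[serial] = n
	return n
}

// Confirm is the return leg. claimed is the serial number the mobile appliance
// reports it is plugged into; personalization continues only on a match.
func (p *PersonalizationServer) Confirm(claimed uint32, returned []byte) error {
	want, ok := p.pending[claimed]
	delete(p.pending, claimed)
	if !ok || subtle.ConstantTimeCompare(returned, want) != 1 {
		return errors.New("conveyed identification failed; not continuing personalization")
	}
	return nil
}

// Module is the security module's part in this variant: it only forwards the
// number it received to whatever is attached to its local interface.
type Module struct {
	Serial uint32
	local  []byte
}

func (m *Module) Receive(n []byte) { m.local = append([]byte(nil), n...) }
func (m *Module) LocalPort() []byte { return m.local }

// ConveyIdentity runs the round trip for the module "target" while the operator
// has plugged the mobile appliance into "pluggedInto"; they should be the same.
func ConveyIdentity(p *PersonalizationServer, target, pluggedInto *Module) error {
	target.Receive(p.Challenge(target.Serial))
	// The mobile appliance reads the local port of the module it is actually
	// connected to and reports that module's serial over the long-distance link.
	return p.Confirm(pluggedInto.Serial, pluggedInto.LocalPort())
}

func main() {
	srv := NewPersonalizationServer()
	atm7, atm8 := &Module{Serial: 7}, &Module{Serial: 8}
	tan := srv.IssueTAN(7) // carried to the branch in a security envelope
	fmt.Println("TAN typed once:", srv.RedeemTAN(7, tan))
	fmt.Println("TAN typed again:", srv.RedeemTAN(7, tan))
	fmt.Println("mobile on the intended module:", ConveyIdentity(srv, atm7, atm7))
	fmt.Println("mobile on another module:", ConveyIdentity(srv, atm7, atm8))
}
```

Both checks compare in constant time and discard the expected value after one attempt, which is what makes the number "worthless immediately after input" as the text puts it; the second `ConveyIdentity` call shows the mismatch the text wants caught when the appliance is standing next to the wrong module.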

In all of these variants, the security module is personalized by virtue of the public key from a key pair produced in the security module being certified by a certification unit. The certificate obtained in this manner is stored in the security module and is characteristic of the subsequent operating state. The authentication to the certification server is based on a temporary data connection between the security module and a mobile input unit which a user uses for this purpose.

1-21. (canceled)
22. A method for operating a security module, said method comprising the steps of: providing a security module having a secure key memory and at least one data interface; in a personalization state, setting up a connection to a personalization unit using the data interface; using the security module to create a module key pair afresh and storing said module key pair in the key memory; sending a public module key to the personalization unit via the connection; using the personalization unit to produce a certificate relevant to the public module key by signing with a signing key from the personalization unit; causing the personalization unit to send the certificate to the security module and storing said certificate securely therein; clearing down the connection between the security module and the personalization unit; changing the security module from a personalization state to an operating state; and setting up in the operating state, a cryptographically secure connection to a central system, said connection involving the use of a private module key and involving the public module key together with the certificate being transmitted to the central system, where the certificate is checked.
23. The method as claimed in claim 22, where changeover to the personalization state erases the module key.
24. The method as claimed in claim 22, wherein in the personalization state the connection between the security module and the personalization unit is checked cryptographically for authenticity and is protected against corruption.
25. The method as claimed in claim 22, wherein a public key from the central system is transmitted together with the module certificate, said public key being used in the operating state to check the authenticity of the central system.
26. The method as claimed in claim 25, wherein the public key from the central system is signed with the signing key from the personalization unit, and the resultant certificate is also transmitted and is checked by the security module.
27. The method as claimed in claim 26, wherein a signer's public signing key is signed by the central system creating another certificate, and this certificate is also transmitted and is checked by the security module.
28. The method as claimed in claim 22 wherein the key memory in the security module stores a public checking key from a manufacturer, the personalization unit transmits its public signing key together with a certificate, formed with the checking key from the manufacturer, and the security module first checks the public signing key's certificate with the public checking key and then checks the certificates produced with the public signing key, and changes to the operating state only if the check is successful.
29. The method as claimed in claim 22 wherein the security module is used to form a permanent identity key on a one-off basis, the associated public key is signed with the checking key from a manufacturer, and the corresponding certificate is stored in the security module, and wherein the identity key with a certificate is used to assure the personalization unit of authenticity on the basis of a challenge-response method.
30. The method as claimed in claim 22, wherein the security module sends the personalization module one of a time stamp and a random value which is included in the signature when the certificates are formed.
31. The method as claimed in claim 22, wherein the personalization system sends a variation value to the security module, which is used when the new module key is produced.
32. The method as claimed in claim 22, wherein the connection to the central system which has been set up using the private module key is used to interchange a symmetrical key for subsequent transaction connections and to store it in the secure key memory in the security module.
33. The method as claimed in claim 22, wherein a mobile personalization unit is used which is connected to the security module directly via a connection which is controlled by a user.
34. The method as claimed in claim 22, wherein a user inputs a one-off transaction number into the security module, either directly using an input unit which is connected permanently to the security module or immediately and directly using an input unit which is connected to the security module by the user, and the connection to the personalization unit is protected by transmitting the transaction number.
35. The method as claimed in claim 22, wherein a mobile appliance is connected to the personalization unit via a local connection to the security module, which local connection is controlled directly by a user, and a long-distance connection, the mobile appliance identifies itself to the personalization unit, and as a result the security module is indirectly identified to the personalization unit.
36. The method as claimed in claim 35, wherein the local and long-distance connections are used merely for securely setting up a secure direct network connection between the security module and the personalization unit.
37. A method for personalizing a security module, comprising the following steps: connecting a security module to a personalization unit; connecting the security module temporarily to an identification unit, the connection being accomplished by a user using an interface which is determined by the user; sending via the identification unit, an identification value, which can be checked by the personalization unit, to the security module, which forwards it to the personalization unit; and wherein the personalization unit performs the personalization if the check on the identity value is positive.
38. The method as claimed in claim 37, where the identification value is a one-off transaction number.
39. The method as claimed in claim 38, where the identification value is interchanged between the identification unit and the personalization unit using a cryptographically authenticated data connection.
40. A security module comprising: a programmable processor including memory for storing a secure key; at least one data interface for releasably coupling said security module to a personalization unit; means for creating a module key pair storable in said memory and for sending said module key to said personalization unit; means for receiving and securely storing a certificate sent from said personalization unit; operating means for changing said security module from a personalization state to an operating state once said security module is no longer coupled to said personalization unit; and means for establishing a cryptographically secure connection to a central system using a private module key, said public module key and said certificate.
41. A personalization unit comprising: at least one data interface for coupling said personalization unit to a security module; means for receiving a module key via said interface, said module key being sent from said security module; means for generating a signing key and producing a certificate regarding said module key, said certificate being produced by signing said module key with said signing key; and means for sending said certificate to said security module.
42. A central system comprising: a secure key memory; at least one data interface; means for receiving a private module key; a public module key and a certificate from a security module; means for establishing a cryptographically secure connection to said security module using said public module key, said private module key and said certificate; and means for checking said certificate.